Bitcoin Cash SegWit hack

A few days ago the BitClave team heard that redditor bchsegwitrecover pulled off a quite clever hack to claim more than 493 BCH ($750K at the time), which other users had mistakenly sent to SegWit addresses on the Bitcoin Cash network. Bitcoin Cash originated as a hard fork of the Bitcoin blockchain when Bitcoin decided to adopt SegWit as a soft fork. This means Bitcoin Cash does not support SegWit, yet the funds were successfully claimed from SegWit addresses 🤷‍♂️

What is SegWit?

SegWit is a protocol change that segregates transaction signatures (the witness) from the rest of the transaction data. It was deployed on the Bitcoin network as a soft fork, which means nodes running old Bitcoin software can still interpret SegWit transactions in mined blocks as valid, but cannot produce them. Bitcoin addresses that support SegWit transactions also have a different format: you may notice they start with the digit 3 instead of 1.

Moving the signatures out of the transaction body lets SegWit:

  • Fit more transactions into a block
  • Make the transaction hash immutable
  • Avoid storing transaction signatures forever
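To show what "immutable transaction hash" means in practice, here is an added Python illustration (not code from the original post) that serializes a constructed one-input, one-output transaction the way BIP141 defines it and computes both the txid and the witness id. The signature and public key bytes are made up; only the serialization rules are real.

```python
"""What "segregating the witness" does to the transaction hash (BIP141).
Added illustration with constructed values, not code from the original post:
a one-input, one-output transaction is serialized by hand so it runs offline.
"""
import hashlib

def dsha256(b):
    return hashlib.sha256(hashlib.sha256(b).digest()).digest()

def varint(n):                     # Bitcoin CompactSize; enough for the sizes used here
    return bytes([n]) if n < 0xfd else b"\xfd" + n.to_bytes(2, "little")

def push(item):                    # length-prefixed item
    return varint(len(item)) + item

def serialize(tx, with_witness):
    """BIP141 serialization: the txid form omits marker, flag and witness;
    a transaction whose witness is empty is serialized the legacy way."""
    ins = varint(len(tx["ins"])) + b"".join(
        i["prevout"] + push(i["script_sig"]) + i["sequence"] for i in tx["ins"])
    outs = varint(len(tx["outs"])) + b"".join(
        o["value"] + push(o["script_pubkey"]) for o in tx["outs"])
    has_witness = with_witness and any(i["witness"] for i in tx["ins"])
    body = tx["version"] + (b"\x00\x01" if has_witness else b"") + ins + outs
    if has_witness:
        for i in tx["ins"]:
            body += varint(len(i["witness"])) + b"".join(push(w) for w in i["witness"])
    return body + tx["locktime"]

def txid(tx):                      # hash over the signature-free form: the immutable id
    return dsha256(serialize(tx, False))[::-1].hex()

def wtxid(tx):                     # hash that also commits to the witness
    return dsha256(serialize(tx, True))[::-1].hex()

def make_tx(script_sig, witness):
    """Constructed transaction: a legacy spend puts the signature in script_sig,
    a SegWit spend leaves script_sig empty and carries it in witness."""
    return {
        "version": (2).to_bytes(4, "little"),
        "ins": [{"prevout": b"\x11" * 32 + (0).to_bytes(4, "little"),  # fake outpoint
                 "script_sig": script_sig, "sequence": b"\xff\xff\xff\xff",
                 "witness": witness}],
        "outs": [{"value": (50_000).to_bytes(8, "little"),
                  "script_pubkey": b"\x00\x14" + b"\x22" * 20}],          # P2WPKH output
        "locktime": (0).to_bytes(4, "little"),
    }

# Constructed signature and public key bytes (not real ECDSA values).
SIG_A, SIG_B, PUB = b"\x30" * 71, b"\x31" * 71, b"\x02" + b"\x33" * 32
```

Two SegWit spends that differ only in the signature (`make_tx(b"", [SIG_A, PUB])` versus `make_tx(b"", [SIG_B, PUB])`) have the same `txid` but different `wtxid`s, while two legacy spends whose `script_sig` differs get different `txid`s, which is the signature malleability the list above refers to.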

Who supports SegWit?

The following cryptocurrencies support SegWit, which provides compatibility with the Lightning Network (off-chain transactions):

  • Litecoin network since May 10, 2017
  • Bitcoin network since August 23, 2017
  • All Bitcoin forks made after August 23, 2017
  • VTC, VIA, SYS, MONA, DGB, etc.

Who does not support SegWit?

The Bitcoin Cash network originated as a Bitcoin hard fork precisely to keep SegWit out of its branch. Its developers intend to scale the old-school way, by simply increasing the block size. So if a SegWit transaction for some reason happens to be mined on the Bitcoin Cash network, every node will interpret it as valid, but it will not be checked strictly enough, because Bitcoin Cash nodes cannot understand or verify SegWit transaction signatures. This is the very behavior that allowed SegWit to be deployed on the Bitcoin network as a soft fork instead of a hard fork.

So, how were the funds sent to SegWit addresses claimed?

Someone decided to claim all the funds that had been mistakenly sent to SegWit addresses on the Bitcoin Cash network over the last few months. Building on the fact that Bitcoin Cash nodes, like old Bitcoin nodes, interpret SegWit transactions as valid but cannot check the segregated signatures of already mined transactions, bchsegwitrecover mined this huge 400-input transaction with his own node, which required a significant amount of computing power and several days or weeks:

The only information the hacker used was the public key, from which the address is derived. The public key of an address is not published until the first transaction spending from that address appears in the blockchain. So all 400 SegWit addresses had been used at least once on the Bitcoin network (had outgoing transactions), and this allowed the hacker to take ownership of the funds on the Bitcoin Cash network.
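To make concrete why the public key alone was enough (the point made under "Who does not support SegWit?" and in the two paragraphs above), here is an added Python illustration that is not part of the original post. It derives the legacy and nested-SegWit addresses from one public key, then runs a minimal Bitcoin Script engine over a spend of the "3..." output twice: once with the BIP141 rule switched off, as on Bitcoin Cash, and once with it on. The public key bytes are constructed (not a real curve point) and ECDSA verification is replaced by a labelled stand-in; the hash160, base58check, P2SH (BIP16) and witness-program (BIP141) rules are the real ones.

```python
"""Why an output locked to a P2SH-wrapped SegWit address (a "3..." address)
can be spent with nothing but the public key on a chain that never activated
BIP141, such as Bitcoin Cash, while a SegWit-aware node demands the witness.
Added illustration, not code from the original post. hash160 relies on
hashlib's RIPEMD-160, which needs an OpenSSL build that enables it.
"""
import hashlib

B58 = b"123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def sha256(b): return hashlib.sha256(b).digest()
def hash160(b): return hashlib.new("ripemd160", sha256(b)).digest()

def base58check(version, payload):
    raw = bytes([version]) + payload
    raw += sha256(sha256(raw))[:4]
    n, out = int.from_bytes(raw, "big"), b""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem:rem + 1] + out
    return (b"1" * (len(raw) - len(raw.lstrip(b"\0"))) + out).decode()

def p2pkh_address(pubkey):                # legacy "1..." address
    return base58check(0x00, hash160(pubkey))

def p2sh_p2wpkh_redeem_script(pubkey):    # BIP141 v0 program: OP_0 <20-byte pubkey hash>
    return b"\x00\x14" + hash160(pubkey)

def p2sh_p2wpkh_address(pubkey):          # nested SegWit "3..." address (BIP16 hash of the program)
    return base58check(0x05, hash160(p2sh_p2wpkh_redeem_script(pubkey)))

# --- a minimal Bitcoin Script engine for the opcodes these templates use ---
OPS = {0x76: "OP_DUP", 0xa9: "OP_HASH160", 0x87: "OP_EQUAL",
       0x88: "OP_EQUALVERIFY", 0xac: "OP_CHECKSIG"}

def parse(script):
    """Split raw script bytes into pushed items (bytes) and opcode names (str)."""
    items, i = [], 0
    while i < len(script):
        op = script[i]
        i += 1
        if op == 0:
            items.append(b"")                       # OP_0 pushes an empty item
        elif op <= 75:
            items.append(script[i:i + op])          # direct push of op bytes
            i += op
        else:
            items.append(OPS[op])
    return items

def sign_for(pubkey):                     # constructed stand-in for an ECDSA signature
    return sha256(b"constructed-signature:" + pubkey)

def run(items, stack):
    """Execute items on stack; valid if the top item is non-zero (simplified CastToBool)."""
    try:
        for it in items:
            if isinstance(it, bytes):    stack.append(it)
            elif it == "OP_DUP":         stack.append(stack[-1])
            elif it == "OP_HASH160":     stack.append(hash160(stack.pop()))
            elif it == "OP_CHECKSIG":
                pub, sig = stack.pop(), stack.pop()
                stack.append(b"\x01" if sig == sign_for(pub) else b"")
            else:                                           # OP_EQUAL / OP_EQUALVERIFY
                eq = stack.pop() == stack.pop()
                if it == "OP_EQUAL":     stack.append(b"\x01" if eq else b"")
                elif not eq:             return False
    except IndexError:                                      # stack underflow
        return False
    return bool(stack) and any(stack[-1])

def verify_input(script_pubkey, script_sig, witness, segwit_active):
    """Consensus check of one input: BIP16 P2SH always, BIP141 only if segwit_active."""
    stack = parse(script_sig)
    if not all(isinstance(x, bytes) for x in stack):       # scriptSig must be push-only
        return False
    spk = parse(script_pubkey)
    if not run(spk, list(stack)):
        return False
    is_p2sh = (len(spk) == 3 and spk[0] == "OP_HASH160" and isinstance(spk[1], bytes)
               and len(spk[1]) == 20 and spk[2] == "OP_EQUAL")
    if not is_p2sh:
        return True
    redeem, stack = parse(stack[-1]), stack[:-1]           # last push is the redeem script
    if segwit_active and len(redeem) == 2 and redeem[0] == b"" and len(redeem[1]) == 20:
        # P2SH-P2WPKH on a SegWit node: scriptSig holds only the program, witness = [sig, pubkey]
        if stack or len(witness) != 2:
            return False
        return run(parse(b"\x76\xa9\x14" + redeem[1] + b"\x88\xac"), list(witness))
    return run(redeem, stack)   # legacy node: "OP_0 <hash>" just leaves a non-zero item on top

def signatureless_spend_accepted(pubkey, segwit_active):
    """Does the node accept a spend of the P2SH-P2WPKH output that carries only the redeem script?"""
    redeem = p2sh_p2wpkh_redeem_script(pubkey)
    script_pubkey = b"\xa9\x14" + hash160(redeem) + b"\x87"   # OP_HASH160 <hash160(redeem)> OP_EQUAL
    script_sig = bytes([len(redeem)]) + redeem                 # one push, no signature anywhere
    return verify_input(script_pubkey, script_sig, [], segwit_active)

# Constructed 33-byte value standing in for a compressed public key (not a real curve point).
PUBKEY = b"\x02" + bytes(range(32))
```

`signatureless_spend_accepted(PUBKEY, segwit_active=False)` returns True: on a node without BIP141 the redeem script `OP_0 <pubkey hash>` is just two pushes that leave a non-zero item on top of the stack, and the redeem script itself is computable by anyone who knows the public key. With `segwit_active=True` the same redeem script is recognised as a witness program and the spend fails unless the witness carries a valid signature. Note that the legacy evaluation also leaves a second item on the stack, which is non-standard under the CLEANSTACK relay rule inherited from Bitcoin Core, consistent with the post's remark that the transaction had to be mined by the claimant's own node rather than relayed.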

How to avoid this?

Do not mix up networks and wallet addresses when transferring cryptocurrencies. If you have run into the same problem, the hacker will return your funds in exchange for a 30% commission for his trick. That is better than nothing.